This document covers TryAClass (the student iOS app), TryAClass Business (the operator iOS app), and the marketing site at tryaclass.fit.
1. Who we are
TryAClass.fit is a service provided by ZEITH Co. ("we", "our"). We act as a data controller for personal information collected directly from end users, and as a data processor for information operators ("studios") instruct us to process about their leads.
Contact: zeithco@gmail.com
2. What we collect
From operators (paying customers, TryAClass Business)
- Account: email, password (magic-link only, never stored as plaintext), authentication tokens
- Studio: name, city, country, modalities, schedule
- Subscription: Apple In-App Purchase receipt status (we do NOT store payment card data)
- Device: model, OS version, app version, IP address (security and analytics)
From students (free, TryAClass)
- Account: email, full name, city, country, optional birth year (13+ only)
- Booking: studios viewed, classes reserved, attendance status
- Device: model, OS version, app version, IP address
- Optional approximate location (with consent) to suggest nearby studios
From leads (collected by operators on our behalf)
Name, email, phone (optional), trial preference, UTM source.
3. How we use it
| Purpose | Lawful basis (GDPR) |
|---|---|
| Provide the booking and follow-up service | Contract performance (Art. 6(1)(b)) |
| Send transactional notifications about your bookings | Contract performance |
| Detect fraud and abuse | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails (operators, opt-in) | Consent (Art. 6(1)(a)) |
| Analytics with anonymisation | Legitimate interest |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do NOT sell personal information. We do NOT use personal data for cross-context behavioural advertising.
5. International transfers
Our infrastructure is primarily based in the United States. If you access TryAClass from the EU/UK, your personal data is transferred to the US under Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Retention
- Account data: until deletion + 30 days backup grace
- Booking history: 24 months after last booking, then anonymised
- Lead data: 18 months after last activity
- Audit log: 7 years (legal requirement)
- Crash reports: 90 days
7. Your rights
You have the right to access, correct, delete (Art. 17), export (Art. 20), object to processing, and lodge a complaint with your local supervisory authority.
Exercise: email zeithco@gmail.com or use in-app Settings → Delete my account. We respond within 30 days.
8. California residents (CCPA)
You may request to know, delete, or opt-out of "sale" of your personal information. We do NOT sell. Use the contact channel above.
9. Children
TryAClass is not intended for children under 13. If you believe a child has created an account, email zeithco@gmail.com and we will delete the data.
10. Security
- HTTPS/TLS 1.2+ on all connections
- Database encrypted at rest and in transit
- Tokens stored in iOS Keychain via Expo SecureStore
- Row-Level Security on every database table; default deny
- Apple IAP receipts validated server-side
- No service-role keys in mobile bundles
- Secrets scanned via gitleaks pre-commit
- Annual penetration test (planned post-PMF)
11. Changes
Material changes are communicated via email to operators and an in-app banner to students at least 14 days before they take effect.
12. Contact
Email: zeithco@gmail.com